diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..ec25d53
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @Flaconi/devops
diff --git a/.github/release-drafter.yml b/.github/release-drafter.yml
new file mode 100644
index 0000000..2ee7c07
--- /dev/null
+++ b/.github/release-drafter.yml
@@ -0,0 +1,24 @@
+# Configuration for Release Drafter: https://github.com/toolmantim/release-drafter
+name-template: '$NEXT_MINOR_VERSION 🌈'
+tag-template: '$NEXT_MINOR_VERSION'
+categories:
+ - title: '🚀 Features'
+ labels:
+ - feature
+ - enhancement
+ - title: '🐛 Bug Fixes'
+ labels:
+ - fix
+ - bugfix
+ - bug
+ - title: '🧰 Maintenance'
+ labels:
+ - chore
+ - dependencies
+change-template: '- $TITLE @$AUTHOR (#$NUMBER)'
+branches:
+ - master
+template: |
+ ## What's Changed
+
+ $CHANGES
diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
new file mode 100644
index 0000000..0577ed5
--- /dev/null
+++ b/.github/workflows/linting.yml
@@ -0,0 +1,27 @@
+---
+
+###
+### Lints all generic and json files in the whole git repository
+###
+
+name: linting
+on:
+ pull_request:
+ push:
+ branches:
+ - master
+ tags:
+
+jobs:
+ lint:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@master
+
+ - name: Terraform lint
+ uses: actionshub/terraform-lint@main
+
+ - name: Files lint
+ run: |
+ make "lint-files"
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
new file mode 100644
index 0000000..e627dfd
--- /dev/null
+++ b/.github/workflows/release-drafter.yml
@@ -0,0 +1,15 @@
+name: Release Drafter
+
+on:
+ push:
+ # branches to consider in the event; optional, defaults to all
+ branches:
+ - master
+
+jobs:
+ update_release_draft:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: release-drafter/release-drafter@v5
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
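Review bot: Both steps of the new lint job execute third-party code from mutable refs, `uses: actions/checkout@master` and `uses: actionshub/terraform-lint@main`, so whoever can push to those branches can run arbitrary code in this repository's CI on every pull request and on every push to master without any change on this side. Pin each `uses:` to a full 40-character commit SHA and keep the human-readable tag in a trailing comment, which is the only form GitHub treats as immutable. The workflow also declares no `permissions:` block, so the job token inherits the repository default, which is write-all on repositories still using the older default; a lint job needs nothing beyond a top-level `permissions:` with `contents: read`. I cannot tell from here whether the bare `tags:` entry under `push` means "all tags" or is ignored by the parser; if tag pushes are meant to trigger linting, spelling it as `tags: ['*']` removes the ambiguity.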
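Review bot: `release-drafter/release-drafter@v5` is a floating major tag and the job sets no `permissions:` block, so the `secrets.GITHUB_TOKEN` passed on the last line carries whatever the repository default grants (write-all on repositories that have not opted into the read-only default) and is handed to whatever code the `v5` tag resolves to on the day the workflow runs. Scope the token explicitly to what drafting a release needs, `permissions:` with `contents: write` and `pull-requests: read`, so a compromised action cannot touch anything else. Pin the action to a full commit SHA with the version in a trailing comment, the same treatment the checkout and lint actions in the sibling workflow deserve.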
diff --git a/.github/workflows/terraform-docs.yml b/.github/workflows/terraform-docs.yml
new file mode 100644
index 0000000..d1357cf
--- /dev/null
+++ b/.github/workflows/terraform-docs.yml
@@ -0,0 +1,20 @@
+---
+
+###
+### Checks terraform-docs generation
+###
+
+name: terraform-docs
+on: [pull_request]
+
+jobs:
+ docs:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@master
+
+ - name: terraform-docs
+ run: |
+ make terraform-docs
+ git diff --quiet || { echo "Build Changes"; git diff; git status; false; }
diff --git a/Makefile b/Makefile
index 631520d..12f51a4 100644
--- a/Makefile
+++ b/Makefile
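Review bot: `uses: actions/checkout@master` pulls an unpinned, mutable ref into a workflow that runs on every `pull_request`; pin it to a full commit SHA (tag in a trailing comment) so a force-pushed or compromised `master` on the action repository cannot change what executes here. The drift check `git diff --quiet || { ...; false; }` is right for the tracked README files that `make terraform-docs` rewrites, but `git diff` ignores untracked files, so a generator that starts emitting a new file would leave the check green; `test -z "$(git status --porcelain)" || { ...; false; }` catches both cases. Nothing in this job needs write access, so a top-level `permissions:` with `contents: read` would also be appropriate.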
@@ -2,173 +2,95 @@ ifneq (,) .error This Makefile requires GNU Make. endif -.PHONY: help gen lint test _gen-main _gen-examples _gen-modules _lint_files _lint_fmt _pull-tf _pull-tf-docs +# ------------------------------------------------------------------------------------------------- +# Default configuration +# ------------------------------------------------------------------------------------------------- +.PHONY: help lint lint-files terraform-docs terraform-fmt _pull-tf _pull-tfdocs +CURRENT_DIR = $(PWD) -CURRENT_DIR = $(dir $(abspath $(lastword $(MAKEFILE_LIST)))) -TF_EXAMPLES = $(sort $(dir $(wildcard $(CURRENT_DIR)examples/*/))) -TF_MODULES = $(sort $(dir $(wildcard $(CURRENT_DIR)modules/*/))) -TF_VERSION = light -TF_DOCS_VERSION = 0.6.0 +# ------------------------------------------------------------------------------------------------- +# Docker image versions +# ------------------------------------------------------------------------------------------------- +TF_VERSION = 0.13.7 +FL_VERSION = 0.4 + +FL_IGNORE_PATHS = .git/,.github/,.idea/ + +# ------------------------------------------------------------------------------------------------- +# Terraform-docs configuration +# ------------------------------------------------------------------------------------------------- +TFDOCS_VERSION = 0.9.1-0.28 # Adjust your delimiter here or overwrite via make arguments -DELIM_START = -DELIM_CLOSE = +TFDOCS_DELIM_START = +TFDOCS_DELIM_CLOSE = + +# ------------------------------------------------------------------------------------------------- +# Meta Targets +# ------------------------------------------------------------------------------------------------- help: - @echo "gen Generate terraform-docs output and replace in all README.md's" - @echo "lint Static source code analysis" - @echo "test Integration tests" + @echo + @echo "Meta targets" + @echo "--------------------------------------------------------------------------------" + @echo " help Show this help 
screen" + @echo + @echo "Read-only targets" + @echo "--------------------------------------------------------------------------------" + @echo " lint Lint basics as well as *.tf and *.tfvars files" + @echo " lint-files Lint basics" + @echo + @echo "Writing targets" + @echo "--------------------------------------------------------------------------------" + @echo " terraform-docs Run terraform-docs against all README.md" + @echo " terraform-fmt Run terraform-fmt against *.tf and *.tfvars files" + + +# ------------------------------------------------------------------------------------------------- +# Read-only Targets +# ------------------------------------------------------------------------------------------------- -gen: _pull-tf-docs +lint: + @$(MAKE) --no-print-directory terraform-fmt _WRITE=false + @$(MAKE) --no-print-directory lint-files + +lint-files: @echo "################################################################################" - @echo "# Terraform-docs generate" + @echo "# file-lint" @echo "################################################################################" - @$(MAKE) --no-print-directory _gen-main - @$(MAKE) --no-print-directory _gen-examples - @$(MAKE) --no-print-directory _gen-modules - -lint: _pull-tf - @$(MAKE) --no-print-directory _lint_files - @$(MAKE) --no-print-directory _lint_fmt - -test: _pull-tf - @$(foreach example,\ - $(TF_EXAMPLES),\ - DOCKER_PATH="/t/examples/$(notdir $(patsubst %/,%,$(example)))"; \ - echo "################################################################################"; \ - echo "# examples/$$( basename $${DOCKER_PATH} )"; \ - echo "################################################################################"; \ - echo; \ - echo "------------------------------------------------------------"; \ - echo "# Terraform init"; \ - echo "------------------------------------------------------------"; \ - if docker run -it --rm -v "$(CURRENT_DIR):/t" --workdir "$${DOCKER_PATH}" 
hashicorp/terraform:$(TF_VERSION) \ - init \ - -verify-plugins=true \ - -lock=false \ - -upgrade=true \ - -reconfigure \ - -input=false \ - -get-plugins=true \ - -get=true \ - .; then \ - echo "OK"; \ - else \ - echo "Failed"; \ - docker run -it --rm -v "$(CURRENT_DIR):/t" --workdir "$${DOCKER_PATH}" --entrypoint=rm hashicorp/terraform:$(TF_VERSION) -rf .terraform/ || true; \ - exit 1; \ - fi; \ - echo; \ - echo "------------------------------------------------------------"; \ - echo "# Terraform validate"; \ - echo "------------------------------------------------------------"; \ - if docker run -it --rm -v "$(CURRENT_DIR):/t" --workdir "$${DOCKER_PATH}" hashicorp/terraform:$(TF_VERSION) \ - validate \ - $(ARGS) \ - .; then \ - echo "OK"; \ - docker run -it --rm -v "$(CURRENT_DIR):/t" --workdir "$${DOCKER_PATH}" --entrypoint=rm hashicorp/terraform:$(TF_VERSION) -rf .terraform/ || true; \ - else \ - echo "Failed"; \ - docker run -it --rm -v "$(CURRENT_DIR):/t" --workdir "$${DOCKER_PATH}" --entrypoint=rm hashicorp/terraform:$(TF_VERSION) -rf .terraform/ || true; \ - exit 1; \ - fi; \ - echo; \ - ) - -_gen-main: - @echo "------------------------------------------------------------" - @echo "# Main module" - @echo "------------------------------------------------------------" - @if docker run --rm \ - -v $(CURRENT_DIR):/data \ - -e DELIM_START='$(DELIM_START)' \ - -e DELIM_CLOSE='$(DELIM_CLOSE)' \ - cytopia/terraform-docs:$(TF_DOCS_VERSION) \ - terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults md README.md; then \ - echo "OK"; \ - else \ - echo "Failed"; \ - exit 1; \ - fi - -_gen-examples: - @$(foreach example,\ - $(TF_EXAMPLES),\ - DOCKER_PATH="examples/$(notdir $(patsubst %/,%,$(example)))"; \ - echo "------------------------------------------------------------"; \ - echo "# $${DOCKER_PATH}"; \ - echo "------------------------------------------------------------"; \ - if docker run --rm \ - -v $(CURRENT_DIR):/data \ - --workdir 
"/data/$${DOCKER_PATH}" \ - -e DELIM_START='$(DELIM_START)' \ - -e DELIM_CLOSE='$(DELIM_CLOSE)' \ - cytopia/terraform-docs:$(TF_DOCS_VERSION) \ - terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults md $${DOCKER_PATH}/README.md; then \ - echo "OK"; \ - else \ - echo "Failed"; \ - exit 1; \ - fi; \ - ) - -_gen-modules: - @$(foreach module,\ - $(TF_MODULES),\ - DOCKER_PATH="modules/$(notdir $(patsubst %/,%,$(module)))"; \ - echo "------------------------------------------------------------"; \ - echo "# $${DOCKER_PATH}"; \ - echo "------------------------------------------------------------"; \ - if docker run --rm \ - -v $(CURRENT_DIR):/data \ - -e DELIM_START='$(DELIM_START)' \ - -e DELIM_CLOSE='$(DELIM_CLOSE)' \ - cytopia/terraform-docs:$(TF_DOCS_VERSION) \ - terraform-docs-replace-012 --sort-inputs-by-required --with-aggregate-type-defaults md $${DOCKER_PATH}/README.md; then \ - echo "OK"; \ - else \ - echo "Failed"; \ - exit 1; \ - fi; \ - ) - -_lint_files: - @# Lint all non-binary files for trailing spaces + @docker run --rm -v $(PWD):/data cytopia/file-lint:$(FL_VERSION) file-cr --text --ignore '$(FL_IGNORE_PATHS)' --path . + @docker run --rm -v $(PWD):/data cytopia/file-lint:$(FL_VERSION) file-crlf --text --ignore '$(FL_IGNORE_PATHS)' --path . + @docker run --rm -v $(PWD):/data cytopia/file-lint:$(FL_VERSION) file-trailing-single-newline --text --ignore '$(FL_IGNORE_PATHS)' --path . + @docker run --rm -v $(PWD):/data cytopia/file-lint:$(FL_VERSION) file-trailing-space --text --ignore '$(FL_IGNORE_PATHS)' --path . + @docker run --rm -v $(PWD):/data cytopia/file-lint:$(FL_VERSION) file-utf8 --text --ignore '$(FL_IGNORE_PATHS)' --path . + @docker run --rm -v $(PWD):/data cytopia/file-lint:$(FL_VERSION) file-utf8-bom --text --ignore '$(FL_IGNORE_PATHS)' --path . 
+ + +# ------------------------------------------------------------------------------------------------- +# Writing Targets +# ------------------------------------------------------------------------------------------------- + +terraform-docs: _pull-tfdocs @echo "################################################################################" - @echo "# Lint files" + @echo "# Terraform-docs generate" @echo "################################################################################" @echo - @echo "------------------------------------------------------------" - @echo "# Trailing spaces" - @echo "------------------------------------------------------------" - find . -type f -not \( -path "*/.git/*" -o -path "*/.github/*" -o -path "*/.terraform/*" \) -print0 \ - | xargs -0 -n1 grep -Il '' \ - | tr '\n' '\0' \ - | xargs -0 -n1 \ - sh -c 'if [ -f "$${1}" ]; then if LC_ALL=C grep --color=always -inHE "^.*[[:blank:]]+$$" "$${1}";then false; else true; fi; fi' -- - @echo - @echo "------------------------------------------------------------" - @echo "# Windows line feeds (CRLF)" - @echo "------------------------------------------------------------" - find . -type f -not \( -path "*/.git/*" -o -path "*/.github/*" -o -path "*/.terraform/*" \) -print0 \ - | xargs -0 -n1 grep -Il '' \ - | tr '\n' '\0' \ - | xargs -0 -n1 \ - sh -c 'if [ -f "$${1}" ]; then if file "$${1}" | grep --color=always -E "[[:space:]]CRLF[[:space:]].*line"; then false; else true; fi; fi' -- - @echo - @echo "------------------------------------------------------------" - @echo "# Single trailing newline" - @echo "------------------------------------------------------------" - find . -type f -not \( -path "*/.git/*" -o -path "*/.github/*" -o -path "*/.terraform/*" \) -print0 \ - | xargs -0 -n1 grep -Il '' \ - | tr '\n' '\0' \ - | xargs -0 -n1 \ - sh -c 'if [ -f "$${1}" ]; then if ! 
(tail -c 1 "$${1}" | grep -Eq "^$$" && tail -c 2 "$${1}" | grep -Eqv "^$$"); then echo "$${1}"; false; else true; fi; fi' -- + @if docker run --rm $$(tty -s && echo "-it" || echo) \ + -v "$(CURRENT_DIR):/data" \ + -e TFDOCS_DELIM_START='$(TFDOCS_DELIM_START)' \ + -e TFDOCS_DELIM_CLOSE='$(TFDOCS_DELIM_CLOSE)' \ + cytopia/terraform-docs:$(TFDOCS_VERSION) \ + terraform-docs-replace --sort-inputs-by-required --with-aggregate-type-defaults md README.md; then \ + echo "OK"; \ + else \ + echo "Failed"; \ + exit 1; \ + fi; @echo -_lint_fmt: +terraform-fmt: _WRITE=true +terraform-fmt: _pull-tf @# Lint all Terraform files @echo "################################################################################" @echo "# Terraform fmt" @@ -177,8 +99,13 @@ _lint_fmt: @echo "------------------------------------------------------------" @echo "# *.tf files" @echo "------------------------------------------------------------" - @if docker run --rm -v "$(CURRENT_DIR):/t:ro" --workdir "/t" hashicorp/terraform:$(TF_VERSION) \ - fmt -check=true -diff=true -write=false -list=true /t; then \ + @if docker run $$(tty -s && echo "-it" || echo) --rm \ + -v "$(PWD):/data" hashicorp/terraform:$(TF_VERSION) fmt \ + $$(test "$(_WRITE)" = "false" && echo "-check" || echo "-write=true") \ + -diff \ + -list=true \ + -recursive \ + /data; then \ echo "OK"; \ else \ echo "Failed"; \ 
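Review bot: `CURRENT_DIR = $(PWD)` at the top of this hunk replaces a Makefile-relative path with the `PWD` environment variable, which make merely inherits from the invoking shell: it can lag behind `make -C`, is rewritten by `sudo` and some wrappers, and may be unset entirely under `env -i` or cron, in which case every `-v $(PWD):/data` below becomes `-v :/data`. `CURRENT_DIR = $(CURDIR)` is make's own, always-set notion of the working directory and keeps the old semantics. In `lint-files` the six `docker run` lines also mount the checkout unquoted and read-write although the checks only read it; `-v "$(CURRENT_DIR):/data:ro"` quotes the path as the `terraform-docs` target already does and denies the `cytopia/file-lint` container write access to the tree it is auditing. The hunk begins at line 2 of the Makefile, so the file's `ifneq`/`.error` guard sits just outside it.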
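Review bot: The `-check` path still mounts the checkout read-write: the removed line had `-v "$(CURRENT_DIR):/t:ro"`, the replacement is `-v "$(PWD):/data"` regardless of `_WRITE`, so `make lint` (which passes `_WRITE=false`) now runs a container that can modify the tree it is only supposed to inspect. Make the mount mode follow the flag, `-v "$(CURRENT_DIR):/data$$(test "$(_WRITE)" = "false" && echo ":ro")"`, which also switches this line back to `$(CURRENT_DIR)` so it agrees with the `terraform-docs` target. The `terraform-fmt` rule header and its `_WRITE=true` default are set before this hunk.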
@@ -188,8 +115,14 @@ _lint_fmt: @echo "------------------------------------------------------------" @echo "# *.tfvars files" @echo "------------------------------------------------------------" - @if docker run --rm --entrypoint=/bin/sh -v "$(CURRENT_DIR)/terraform:/t:ro" hashicorp/terraform:$(TF_VERSION) \ - -c "find . -name '*.tfvars' -type f -print0 | xargs -0 -n1 terraform fmt -check=true -write=false -diff=true -list=true"; then \ + @if docker run $$(tty -s && echo "-it" || echo) --rm --entrypoint=/bin/sh \ + -v "$(PWD):/data" hashicorp/terraform:$(TF_VERSION) \ + -c "find . -not \( -path './*/.terragrunt-cache/*' -o -path './*/.terraform/*' \) \ + -name '*.tfvars' -type f -print0 \ + | xargs -0 -n1 terraform fmt \ + $$(test '$(_WRITE)' = 'false' && echo '-check' || echo '-write=true') \ + -diff \ + -list=true"; then \ echo "OK"; \ else \ echo "Failed"; \ @@ -197,8 +130,14 @@ _lint_fmt: fi; @echo + +# ------------------------------------------------------------------------------------------------- +# Helper Targets +# ------------------------------------------------------------------------------------------------- + +# Ensure to always have the latest Terraform version _pull-tf: docker pull hashicorp/terraform:$(TF_VERSION) -_pull-tf-docs: - docker pull cytopia/terraform-docs:$(TF_DOCS_VERSION) +_pull-tfdocs: + docker pull cytopia/terraform-docs:$(TFDOCS_VERSION) diff --git a/README.md b/README.md index 9c12619..208c703 100644 --- a/README.md +++ b/README.md 
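Review bot: The `find .` inside the `-c "..."` string is evaluated relative to the container's working directory, but the new `docker run` mounts the checkout at `/data` without a `--workdir /data`; unless the `hashicorp/terraform` image sets its working directory to `/data` (not visible here), the search starts from the image's default directory and the `-path './*/.terraform/*'` exclusions never match the checkout. Adding `--workdir /data` to the `docker run` line makes the command independent of the image's default; the removed version had the same shape with `/t`, so this may be pre-existing rather than a regression. As in the `*.tf` branch above, the mount also drops the old `:ro` even when `_WRITE=false`; mirror whatever read-only handling that branch gets. The `terraform-fmt` rule begins before this hunk.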
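Review bot: The new comment `# Ensure to always have the latest Terraform version` contradicts the recipe under it, which pulls the fixed tag `hashicorp/terraform:$(TF_VERSION)` with `TF_VERSION = 0.13.7` set at the top of the file; a reader will either trust the comment and never bump `TF_VERSION`, or "fix" the pull to a floating tag. Say what the target does: `# Pull the pinned Terraform image so local runs and CI use the same version`. Both `_pull-tf` and `_pull-tfdocs` resolve mutable tags, so the image behind `0.13.7` or `0.9.1-0.28` can be replaced upstream without any change here; appending the image's `@sha256:` digest to each tag makes the pull reproducible, though I have not looked up the digests, so that is a recommendation rather than a drop-in line.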
@@ -1,6 +1,7 @@
 # AWS Bastion SSM IAM
-[![Build Status](https://travis-ci.com/Flaconi/terraform-aws-bastion-ssm-iam.svg?branch=master)](https://travis-ci.com/Flaconi/terraform-aws-bastion-ssm-iam)
+[![Lint Status](https://github.com/Flaconi/terraform-aws-bastion-ssm-iam/actions/workflows/linting.yml/badge.svg?branch=master)](https://github.com/Flaconi/terraform-aws-bastion-ssm-iam/actions/workflows/linting.yml)
+[![Docs Status](https://github.com/Flaconi/terraform-aws-bastion-ssm-iam/actions/workflows/terraform-docs.yml/badge.svg?branch=master)](https://github.com/Flaconi/terraform-aws-bastion-ssm-iam/actions/workflows/terraform-docs.yml)
 [![Tag](https://img.shields.io/github/tag/Flaconi/terraform-aws-bastion-ssm-iam.svg)](https://github.com/Flaconi/terraform-aws-bastion-ssm-iam/releases)
 [![license](http://img.shields.io/badge/license-MIT-brightgreen.svg)](http://opensource.org/licenses/MIT)
@@ -39,18 +40,34 @@ Example:
+## Requirements
+
+| Name | Version |
+|------|---------|
+| terraform | >= 0.12.26 |
+| aws | >= 3 |
+| random | >= 3.1 |
+
+## Providers
+
+| Name | Version |
+|------|---------|
+| aws | >= 3 |
+| random | >= 3.1 |
+| template | n/a |
+
 ## Inputs
 | Name | Description | Type | Default | Required |
-|------|-------------|:----:|:-----:|:-----:|
-| subnet\_ids | The subnets where the Bastion can reside in, they can be private | list | n/a | yes |
-| vpc\_id | The VPC-ID | string | n/a | yes |
-| create\_new\_ssm\_document | This module can create a new SSM document for the SSH Terminal | bool | `"false"` | no |
-| create\_security\_group | This module can create a security group for the bastion instance by default | bool | `"true"` | no |
-| instance\_type | The instance type of the bastion | string | `"t3.nano"` | no |
-| log\_retention | The amount of days the logs need to be kept | number | `"30"` | no |
-| name | The name to be interpolated, defaults to bastion-ssm-iam | string | `"bastion-ssm-iam"` | no |
-| security\_group\_ids | The security group ids which can be given to the bastion instance, defaults to empty | list | `[]` | no |
+|------|-------------|------|---------|:--------:|
+| subnet\_ids | The subnets where the Bastion can reside in, they can be private | `list(string)` | n/a | yes |
+| vpc\_id | The VPC-ID | `string` | n/a | yes |
+| create\_new\_ssm\_document | This module can create a new SSM document for the SSH Terminal | `bool` | `false` | no |
+| create\_security\_group | This module can create a security group for the bastion instance by default | `bool` | `true` | no |
+| instance\_type | The instance type of the bastion | `string` | `"t3.nano"` | no |
+| log\_retention | The amount of days the logs need to be kept | `number` | `30` | no |
+| name | The name to be interpolated, defaults to bastion-ssm-iam | `string` | `"bastion-ssm-iam"` | no |
+| security\_group\_ids | The security group ids which can be given to the bastion instance, defaults to empty | `list(string)` | `[]` | no |
 ## Outputs
@@ -65,4 +82,4 @@ Example:
 [MIT](LICENSE)
-Copyright (c) 2019 [Flaconi GmbH](https://github.com/Flaconi)
+Copyright (c) 2021 [Flaconi GmbH](https://github.com/Flaconi)
diff --git a/variables.tf b/variables.tf
index 4d622cb..14f4ad5 100644
--- a/variables.tf
+++ b/variables.tf
@@ -22,7 +22,7 @@ variable "vpc_id" {
 }
 variable "subnet_ids" {
- type = list
+ type = list(string)
 description = "The subnets where the Bastion can reside in, they can be private"
 }
@@ -40,7 +40,7 @@ variable "create_security_group" {
 }
 variable "security_group_ids" {
- type = list
+ type = list(string)
 description = "The security group ids which can be given to the bastion instance, defaults to empty"
 default = []
 }
diff --git a/versions.tf b/versions.tf
new file mode 100644
index 0000000..63e9c0f
--- /dev/null
+++ b/versions.tf
@@ -0,0 +1,13 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = ">= 3"
+ }
+ random = {
+ source = "hashicorp/random"
+ version = ">= 3.1"
+ }
+ }
+ required_version = ">= 0.12.26"
+}
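Review bot: `required_providers` declares only `aws` and `random`, yet the Providers table this same commit generates into the README lists a third provider, `template`, with version `n/a`; if the module really uses it (its resources are not in this diff), Terraform 0.13 resolves it through the implicit legacy lookup with no version constraint at all, which is exactly the situation an explicit `required_providers` block exists to prevent. Declare it alongside the others with an explicit source, `template = { source = "hashicorp/template" }`, adding the minimum version the module has actually been exercised against rather than a guessed one; if the provider is no longer used, removing the last reference will also make the generated table stop advertising it. The open-ended `>= 3` / `>= 3.1` bounds are consistent with a reusable module, but callers should be aware the module is only validated against the 0.13.7 image pinned in the Makefile.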